Move supabase query in verify-card to nextjs api route, extract redir…

…ect url to env var
HackSC · Oct 31, 2023 · 2a7f994 · 2a7f994
1 parent 34d0e3a
commit 2a7f994
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 29 deletions.
diff --git a/apps/sso/components/verify-card/verify-card.tsx b/apps/sso/components/verify-card/verify-card.tsx
@@ -9,6 +9,17 @@ import Image from 'next/image';
 import { MutatingDots } from 'react-loader-spinner';
 import { Button } from '@hibiscus/ui-kit-2023';
 import { useHibiscusSupabase } from '@hibiscus/hibiscus-supabase-context';
+import axios from 'axios';
+
+const updateRole = async (userId: string) => {
+  try {
+    await axios.put(`/api/update-role/${userId}`);
+  } catch (e) {
+    if (e.response != null) {
+      console.log(e.response.data);
+    }
+  }
+};
 
 export function VerifyCard() {
   const router = useRouter();
@@ -36,22 +47,8 @@ export function VerifyCard() {
         router.query.lastname.toString()
       );
 
-      const role = await supabase
-        .getClient()
-        .from('user_invites')
-        .select('role')
-        .eq('email', email);
-      console.log(data);
-      console.log(role);
-      if (role !== null) {
-        console.log('adding judge status');
-        const { error } = await supabase
-          .getClient()
-          .from('user_profiles')
-          .update({ role: '7' })
-          .eq('user_id', data.user.id)
-          .select();
-      }
+      await updateRole(data.user.id);
+
       HibiscusSupabaseClient.setTokenCookieClientSide(
         data.session.access_token,
         data.session.refresh_token

diff --git a/apps/sso/pages/api/update-role/[userId].ts b/apps/sso/pages/api/update-role/[userId].ts
@@ -0,0 +1,63 @@
+import { HibiscusSupabaseClient } from '@hibiscus/hibiscus-supabase-client';
+import { NextApiHandler } from 'next';
+import { container } from 'tsyringe';
+
+const handler: NextApiHandler = async (req, res) => {
+  const { userId } = req.query;
+  const userIdString = userId.toString();
+
+  if (req.method === 'PUT') {
+    const supabase = container.resolve(HibiscusSupabaseClient);
+    supabase.setOptions({ useServiceKey: true });
+
+    const resEmail = await supabase
+      .getClient()
+      .from('user_profiles')
+      .select('email')
+      .eq('user_id', userIdString);
+
+    if (resEmail.error != null) {
+      return res.status(500).json({ message: resEmail.error.message });
+    }
+
+    if (resEmail.data.length === 0) {
+      return res.status(400).json({ message: 'Invalid user ID' });
+    }
+
+    const email = resEmail.data[0].email as string;
+
+    const resRole = await supabase
+      .getClient()
+      .from('user_invites')
+      .select('role')
+      .eq('email', email);
+
+    if (resRole.error != null) {
+      return res.status(500).json({ message: resRole.error.message });
+    }
+
+    if (resRole.data.length === 0) {
+      return res.status(200).json({
+        message: 'User does not have special role; no role change executed',
+      });
+    }
+
+    const role = resRole.data[0].role as number;
+
+    const resUpdate = await supabase
+      .getClient()
+      .from('user_profiles')
+      .update({ role })
+      .eq('user_id', userId);
+
+    if (resUpdate.error != null) {
+      return res.status(500).json({ message: resUpdate.error.message });
+    }
+
+    return res.status(200).json({ message: 'Success' });
+  } else {
+    return res.status(405).json({ message: 'Invalid request type.' });
+  }
+};
+
+export default handler;
diff --git a/apps/supabase-auth/.dev.vars.example b/apps/supabase-auth/.dev.vars.example
@@ -0,0 +1,3 @@
+SUPABASE_SERVICE_KEY=
+SUPABASE_URL=
+INVITE_REDIRECT_URL=
diff --git a/apps/supabase-auth/src/index.ts b/apps/supabase-auth/src/index.ts
@@ -1,11 +1,11 @@
 import { Hono } from 'hono';
 import { cors } from 'hono/cors';
 import { createClient } from '@supabase/supabase-js';
-import { Interface } from 'readline';
 
 export type Bindings = {
   SUPABASE_SERVICE_KEY: string;
   SUPABASE_URL: string;
+  INVITE_REDIRECT_URL: string;
 };
 
 const HTTP_BAD_REQUEST = 400;
@@ -17,37 +17,31 @@ app.use('/api/*', cors());
 
 app.get('/api/invite/:role/:email', async (c) => {
   try {
-    console.log('20');
     const supabase = createClient(
       c.env.SUPABASE_URL,
       c.env.SUPABASE_SERVICE_KEY
     );
     const role = parseInt(c.req.param('role'));
-    console.log('25');
     const email = c.req.param('email');
-    console.log('26');
-    console.log(role);
-    console.log(email);
     if (role === null || email === null || email === '') {
       return c.json(
         {
-          error: 'PARAM_ERROR',
+          error: 'PARAMETER_ERROR',
           message: 'missing required parameters',
         },
         INTERNAL_SERVER_ERROR
       );
     }
-    //role should be between 1 and 7
+    // role should be between 1 and 7
+    // maybe we shouldn't hardcode this, but I'm not sure how to change this for now
     if (role > 0 && role < 8) {
       const result = await supabase.from('user_invites').insert({
         role: role,
         email: email,
       });
-      console.log(result);
-      const { data, error } = await supabase.auth.admin.inviteUserByEmail(
-        email,
-        { redirectTo: 'sso.hacksc.com/signup' }
-      );
+      await supabase.auth.admin.inviteUserByEmail(email, {
+        redirectTo: c.env.INVITE_REDIRECT_URL,
+      });
       return c.json(200);
     } else {
       return c.json(